A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS,
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed

DETAILED ACTION

1. This action is issued in response to applicant's filed request for continued
examination (RCE) on 04/02/2007. 

2. Claims 1 - 2, 7, 10 - 13, 15, 18 - 21, and 23 have been amended. No claims
were added. No claims were canceled. 

3. Claims 1 - 23 are pending in this application. 



Response to Arguments 

4. Applicant's arguments with respect to amended claims 1 - 2, 7, 10 - 13, 15, 18 -
21, and 23 have been considered but are moot in view of the new ground(s) of rejection.

Continued Examination Under 37 CFR 1.114 

5. A request for continued examination under 37 CFR 1.114, including the fee set 
forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this 
application is eligible for continued examination under 37 CFR 1.114, and the fee set 
forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action
has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 
10/11/2006 has been entered.

Claim Rejections - 35 USC § 112

6. The following is a quotation of the first paragraph of 35 U.S.C. 112:

The specification shall contain a written description of the invention, and of the manner and process of 
making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the 
art to which it pertains, or with which it is most nearly connected, to make and use the same and shall 
set forth the best mode contemplated by the inventor of carrying out his invention. 

7. Claims 1-23 are rejected under 35 U.S.C. 112, first paragraph, as failing to
comply with the written description requirement. The claim(s) contains subject matter 
which was not described in the specification in such a way as to reasonably convey to 
one skilled in the relevant art that the inventor(s), at the time the application was filed, 
had possession of the claimed invention. 

The limitation including "previous accessed items" recited in claims 1, 4, 5, 10, 12, 13, 
18, 19, 20, and 23 is not clearly described in the specification. 

Any claim not specifically addressed, above, is being rejected as incorporating 
the deficiencies of a claim upon which it depends. 

Claim Rejections - 35 USC § 103 

8. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

9. Claims 1, 3 - 10, 12 - 20, and 22 are rejected under 35 U.S.C. 103(a) as being
unpatentable over Win et al. (Win hereinafter) (US Patent No. 6,182,142 B1, issued:
January 30, 2001) in view of Joshi et al. (Joshi hereinafter) (US Patent Pub App. No.
2002/0091798 A1, filed: February 26, 2001).

Regarding Claims 1, and 10, Win discloses an article comprising a machine- 
readable medium storing instructions operable to cause one or more machines to 
perform operations comprising: 

analyzing a plurality of database access statements that were issued for an
application in use (Col. 2, lines 28 - 33, Win 1) to determine accessed items and types of
access for the application (Col. 2, lines 31 - 34, Win 2)

However, Win does not explicitly disclose that such plurality access statements 
were issued during use to determine previous access items and types of access. On the 
other hand, Joshi discloses access statements that were issued for an application 
during use to determine previous accessed items and types of access for the 
application (Fig. 30, Page 17, [0193], lines 1-19, Joshi). 

It would have been obvious to one of ordinary skill in the art at the time the
invention was made to incorporate Joshi's teachings into the system of Win. A skilled
artisan would have been motivated to do so, as suggested by Joshi (Page 1 and 17,
[0016] and [0193], lines 13-17 and 7-19; respectively, Joshi), to be able to customize
the resource being accessed for the user accessing the resource by, for example,
determining whether the authentication scheme associated with the requested resource
has been previously cached, and further determining the type of challenge method for
authentication. In addition, both of the references (Win and Joshi) teach features that
are directed to analogous art and they are directed to the same field of endeavor, such
as database management systems, authorization, and authentication. This close
relation between both of the references highly suggests an expectation of success.

1 Wherein examiner interprets the step of controlling access, particularly by receiving access information
and identifying resources authorized (as disclosed by Win) as the step of analyzing the database access
statements as claimed.

2 Wherein the resources correspond to the accessed items claimed; and the roles correspond to the type
of access claimed.

Furthermore, the combination of Win in view of Joshi discloses:
developing a role for the application based on the previous accessed items and 
types of access for the application (Col.2, lines 35 - 47, Win 3 ; and Fig. 30, Page 17, 
[0193], lines 14-19; Joshi), wherein when the application is in use by a user, the 
developed role for the application allows the user database access (Col. 2, lines 39 - 40 
and 47-49, Win; and Fig. 30, Page 17, [0193], lines 14-19; "...If the challenge 
scheme was not found in step 1122, authentication event handler 512 loads the
authentication rule associated with the requested resource from Directory Server 36...", 
Joshi). 

Regarding Claim 3, the combination of Win in view of Joshi discloses a method
wherein the database access statements comprise Structured Query Language (SQL)
queries (Col. 7, lines 9 - 11, Win).

3 Wherein the step of defining the roles corresponds to the step of developing a role claimed.

Regarding Claims 4, and 12, the combination of Win in view of Joshi discloses an 
article wherein the previous accessed items and types of access include objects 
accessed (Col. 2, lines 31 - 33, the resources, Win; Fig. 30, Page 17, [0193], lines 1 - 
19, Joshi) and operations performed on the objects (Col. 2, lines 39 - 40, to use the 
resources, Win). 

Regarding Claims 5, and 13, the combination of Win in view of Joshi discloses an 
article wherein developing a role comprises determining permissions for the application 
based on the previous accessed items and types of access (Col. 3, lines 34 - 44, Win; 
and Fig. 30, Page 17, [0193], lines 1-19, Joshi). 

Regarding Claims 6, and 14, the combination of Win in view of Joshi discloses an 
article wherein the instructions are further operable to cause one or more machines to 
perform operations comprising determining which of a set of users are authorized to use 
the application (Col. 3, lines 13-14, Win). 

Regarding Claims 7, and 15, the combination of Win in view of Joshi discloses an 
article wherein the instructions are further operable to cause one or more machines to 
perform operations comprising:

determining whether a user request to establish an application session has been
detected (Figure 5B, item 516, Col. 10, lines 29 - 34, a login attempt, Win); 

finding the role for the application (Figure 5C, item 520 and 522, Col. 10, lines 57 
- 63, Win); and 

assigning the role to a user (Col. 13, lines 32 - 34, Win). 

Regarding Claims 8, and 16, the combination of Win in view of Joshi discloses an 
article wherein detecting a user request to establish an application session comprises 
determining if a user is authorized to use the application (Col. 13, lines 34 - 36, Win). 

Regarding Claims 9, and 17, the combination of Win in view of Joshi discloses an 
article wherein the instructions are further operable to cause one or more machines to 
perform operations comprising: 

detecting an end of the application session (Col. 9 and 10, lines 45 - 47 and 39 -
42; respectively, Win); and 

if an end of the application session is detected (Col. 10, lines 39 - 42, Win), 
disabling the assigned role for the user (Col. 10, lines 42 - 45, Win). 

Regarding Claim 18, the combination of Win in view of Joshi discloses a 
database security analyzer comprising:

a communication interface operable to receive a plurality of database access
statements that were issued for an application during use (Figure 9, item 918, 
Communication Interface, Col. 27, lines 17 - 31, Win); 

a memory operable to store the issued database access statements (Figure 9, 
item 906, Main Memory, Col. 26, lines 8-15, Win); and 

a processor (Figure 9, item 904, processor, Col. 26, lines 36 - 42, Win) operable 
to develop a role for the application based on the previously issued database access 
statements for the application (Col. 2, lines 35 - 38, Win 4 ; and Fig. 30, Page 17, [0193], 
lines 1-19, Joshi), wherein when the application is in use by a user, the developed role 
for the application allows a user database access (Col. 2, lines 39 - 40 and 47 - 49, 
Win). 

Regarding Claim 19, the combination of Win in view of Joshi discloses an 
analyzer wherein developing a role comprises: 

analyzing the database access statements to determine previous accessed items 
and types of access for the application (Col. 2, lines 31 - 34, Win 5 ; and Fig. 30, Page 
17, [0193], lines 1 -19, Joshi); 

determining permissions for the application based on the previous accessed 
items and types of access for the application (Col. 3, lines 34 - 37, Win; and Fig. 30, 
Page 17, [0193], lines 1-19, Joshi); and 



developing a role associated with the application based on the determined
permissions (Col. 2, lines 35 - 38, Win 6).

4 Wherein the step of defining the roles corresponds to the step of developing a role claimed.

5 Wherein the resources correspond to the accessed items claimed; and the roles correspond to the type
of access claimed.

Regarding Claim 20, the combination of Win in view of Joshi discloses an 
analyzer wherein the previous accessed items and types of access include objects 
accessed (Col. 2, lines 31 - 33, the resources, Win; and Fig. 30, Page 17, [0193], lines 
1-19, Joshi) and operations performed on the objects (Col. 2, lines 39 - 40, to use the 
resources, Win). 

Regarding Claim 22, the combination of Win in view of Joshi discloses an 
analyzer wherein the memory comprises instructions (Figure 9, item 906, Col. 26, lines 
8-12, Win), and the processor operates according to the instructions (Figure 9, item 
904, Col. 26, lines 36 - 38, Win). 

10. Claims 2, 11, 21, and 23 are rejected under 35 U.S.C. 103(a) as being
unpatentable over Win et al. (Win hereinafter) (US Patent No. 6,182,142 B1, issued:
January 30, 2001), in view of Joshi et al. (Joshi hereinafter) (US Patent Pub App. No.
2002/0091798 A1, filed: February 26, 2001), and further in view of Paulley et al.
(Paulley hereinafter) (US Patent No. 6,665,664 B2).



6 Wherein the step of defining the roles corresponds to the step of developing a role claimed.

Regarding Claims 2, and 11, the combination of Win in view of Joshi discloses an
article, wherein analyzing the issued database access statements comprises:

determining whether the plurality of database access statements have been 
captured (Figure 5B, item 516, Col. 10, lines 29 - 34, Win 7 ); 

The combination of Win in view of Joshi also discloses: normalizing the database 
access statements (Col. 14, lines 15-17, Win) and eliminating redundancies in the 
database access statements (Col. 14, lines 15-19, Win). 

However, the combination of Win in view of Joshi does not explicitly disclose: 
normalizing the captured database access statements; and eliminating redundancies in 
the normalized database access statements. On the other hand, Paulley discloses: 
normalizing the captured database access statements (Fig. 4A, item 401, 402, Col. 13, 
lines 34 - 44, Paulley); and eliminating redundancies in the normalized database 
access statements (Fig. 4A, item 403, 404, 405, Col. 14, lines 45 - 49, Paulley). It
would have been obvious to one of ordinary skill in the art at the time the invention was
made to incorporate Paulley's teachings into the system of the combination of Win in
view of Joshi. A skilled artisan would have been motivated to do so, as suggested by
Paulley (Col. 8, lines 20 - 25, Paulley), to provide better optimization of the original SQL
query without the system overhead that would result from full normalization. In addition,
the applied references (Win, Joshi, and Paulley) teach features that are directed to
analogous art and they are directed to the same field of endeavor, such as database
management systems, normalization, and elimination of redundancies. This close
relation between the applied references highly suggests an expectation of success.

7 Wherein the step of recording a login attempt corresponds to the step of determining whether the
database access statements have been captured as claimed. Specifically, the user's name and password
correspond to the access statements claimed.

Regarding Claim 21, the combination of Win in view of Joshi and further in view
of Paulley discloses an analyzer wherein developing a role comprises: 

determining whether the received database access statements have been 
captured (Figure 5B, item 516, Col. 10, lines 29 - 34, Win 8 ); 

normalizing the captured database access statements (Col. 14, lines 15-17, 
Win; and Fig. 4A, item 401, 402, Col. 13, lines 34 - 44, Paulley); and

eliminating redundancies in the normalized database access statements (Col. 14, 
lines 15-19, Win; and Fig. 4A, item 403, 404, 405, Col. 14, lines 45 - 49, Paulley). 

Regarding Claim 23, the combination of Win in view of Joshi and further in view
of Paulley discloses a method comprising: 

capturing a plurality of database access statements that were issued for one or 
more applications during use (Figure 5B, item 516, Col. 10, lines 29 - 34, Win), wherein 
the database access statements comprise Structured Query Language (SQL) queries 
(Col. 7, lines 9 - 11, Win);

normalizing the captured database access statements (Col. 14, lines 15-17,
Win; and Fig. 4A, item 401, 402, Col. 13, lines 34 - 44, Paulley);

eliminating redundancies in the normalized database access statements (Col. 14,
lines 15-19, Win; and Fig. 4A, item 403, 404, 405, Col. 14, lines 45 - 49, Paulley); 

analyzing the normalized database access statements to determine previous 
accessed items and types of access for an application (Col. 2, lines 31 - 34, Win 9 ; and 
Fig. 30, Page 17, [0193], lines 1-19, Joshi), wherein the previous accessed items and 
types of access include objects accessed (Col. 2, lines 31 - 33, the resources, Win; and 
Fig. 30, Page 17, [0193], lines 1-19, Joshi) and operations performed on the objects 
(Col. 2, lines 39 - 40, to use the resources, Win); 

determining permissions for the application based on the previous accessed
items and types of access for the application (Col. 3, lines 34 - 37, Win; and Fig. 30, 
Page 17, [0193], lines 1-19, Joshi); 

developing a role for the application based on the previous determined 
permissions (Col. 2, lines 35 - 38, Win 10 ); 

determining which of a set of users are authorized to use the application (Col. 3, 
lines 13-14, Win); 

detecting a user request to establish a session of the application (Figure 5B, item 
516, Col. 10, lines 29 - 34, a login attempt, Win); 

determining if the user is authorized to use the application (Col. 13, lines 34 - 36,
Win);

if the user is authorized to use the application, finding the role for the application
(Figure 5C, item 520 and 522, Col. 10, lines 57 - 63, Win);

assigning the role to the user (Col. 13, lines 32 - 34, Win);

detecting an end of the application session (Col. 9 and 10, lines 45 - 47 and 39 -
42; respectively, Win); and

if an end of the application session is detected (Col. 10, lines 39 - 42, Win),
disabling the assigned role for the user (Col. 10, lines 42 - 45, Win).

8 Wherein the step of recording a login attempt corresponds to the step of determining whether the
database access statements have been captured as claimed. Specifically, the user's name and password
correspond to the access statements claimed.

9 Wherein the resources correspond to the accessed items claimed; and the roles correspond to the type
of access claimed.

10 Wherein the step of defining the roles corresponds to the step of developing a role claimed.

Prior Art Made Of Record

1. Win et al. (US Patent No. 6,182,142 B1, issued: January 30, 2001) disclose a
distributed access management of information resources.

2. Menninger (US Patent App. Pub. No. 2003/0069818 A1) discloses a system,
method, and computer program product for creating contracts using a graphical user
interface in a supply chain management framework.

3. Gold et al. (US Patent App. Pub. No. 2005/0102358 A1) discloses a web page
monitoring and collaboration system.

4. Joshi et al. (US Patent Pub App. No. 2002/0091798 A1, filed: February 26,
2001).

5. Paulley et al. (US Patent No. 6,665,664 B2).

Any inquiry concerning this communication or earlier communications from the
examiner should be directed to Giovanna Colan whose telephone number is (571) 272-2752.
The examiner can normally be reached on 8:30 am - 5:00 pm.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, John Breene can be reached on (571) 272-4107. The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

Giovanna Colan 
Examiner 
Art Unit 2162 

June 4, 2007